Posted
by
timothy
on Thursday May 09, 2013 @04:49PM
from the wore-goggles-so's-not-to-cry dept.

Nerval's Lobster writes "For comedy publication The Onion, a recent cyber-attack by the Syrian Electronic Army was no laughing matter. The SEA managed to compromise The Onion's Twitter account, plastering it with insults aimed at the United Nations, Israel, and Syrian rebels. 'UN retracts report of Syrian chemical weapon use: "Lab tests confirm it is Jihadi body odor,"' read a typical (and perhaps one of the more printable) ones. When the Tweets appeared, some Onion Twitter-followers questioned whether the newspaper was playing some sort of elaborate meta-joke, perhaps riffing on a recent series of high-profile cyber attacks. But the SEA was serious, and so was The Onion about flushing the attackers from its systems. In a new posting on theonion.github.io, the publication's IT crew details exactly what happened. On May 3, attackers from the SEA fired off phishing emails to Onion employees, at least one of whom clicked on a malicious link. From there, the attackers compromised a handful of systems. 'In total, the attacker compromised at least 5 accounts,' the account concluded. 'The attacker logged in to compromised accounts from 46.17.103.125 which is also where the SEA hosts a website.' But following the crisis, The Onion couldn't resist swiping at its attackers. 'Syrian Electronic Army Has a Little Fun Before Inevitable Upcoming Deaths at Hands of Rebels,' read the headline for a May 6 article that described a fictional massacre of the SEA in gruesome detail."

most two-factor authentication schemes i've seen so far require users to have either a physical dongle that provides keycodes, a mobile phone capable of receiving SMS messages, or a smartphone app.

most users i've seen can't be bothered to take this "inconvenient" step to secure their accounts. i hope Google makes the two-factor login a requirement soon, but they're going to get some pretty tough pushback from the lazy.